Slashdot Mirror


Collection 1 Data Breach Exposes More Than 772 Million Email Addresses (zdnet.com)

A collection of almost 773 million unique email addresses and just under 22 million unique passwords was exposed on the cloud service MEGA. Security researcher Troy Hunt said the collection of data, dubbed Collection #1, totaled over 12,000 separate files and more than 87GB of data. ZDNet reports: "What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see." Some passwords, including his own, have been "dehashed", that is, converted back to plain text. Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. "The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote. The collection has since been removed. You can visit Hunt's Have I Been Pwned service to see if you are affected by this breach.

3 of 68 comments

  1. Re:/Oblg. Honey pot by thermopile · · Score: 4, Informative
    Here's Troy's write-up of the incident, which is better than the ZDNet account:

    https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

    --

    "Diplomacy is something you do until you find a rock." --Richard Pound

  2. They have a great API by piojo · · Score: 5, Informative

    I love their API. You can do a search without submitting any sensitive information. Not even a full sha1sum. You send a partial sha1sum, and they send back possible matches. Locally, you see if any are exact matches.

    Here is a bash/zsh function which looks up a password (obviously without printing it to console or sending it anywhere):

    function haveibeenpwned() {
        local line
        echo "Enter password to check:"
        stty -echo                      # hide the password while it is typed
        read -r line                    # -r keeps backslashes literal
        stty echo
        echo
        # SHA-1 of the password; only the first 5 hex characters leave the machine
        local sha1="$(echo -n "$line" | sha1sum - | cut -f1 -d' ')"
        echo "sha1 is $sha1"
        local prefix="$(echo "$sha1" | sed 's/\(.....\)\(.*\)/\1/')"
        local suffix="$(echo "$sha1" | sed 's/\(.....\)\(.*\)/\2/')"
        echo "Searching for prefix: $prefix and suffix: $suffix"
        echo
        # response lines are UPPERCASE_SUFFIX:COUNT, hence the case-insensitive grep
        curl -sS "https://api.pwnedpasswords.com/range/$prefix" | grep -i "^$suffix"
    }

    --
    A cat can't teach a dog to bark.
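The same k-anonymity lookup the comment above describes, as an added example (not piojo's code or the Have I Been Pwned project's own): hash the password, send only the 5-character prefix, and parse the returned `SUFFIX:COUNT` lines locally. The range response body below is constructed for illustration, not a real capture; the `Add-Padding` request header is a documented option of the API that pads responses with zero-count entries.

```python
import hashlib
import urllib.request
from typing import Tuple

PWNED_RANGE_API = "https://api.pwnedpasswords.com/range/"

# Constructed sample of a range response body (not a real capture).
# Each line is "<35 hex char SHA-1 suffix>:<breach count>", suffix in upper case.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234",  # suffix of sha1("password"); count made up
    "011053FD0102E94D6AE2F8B83D76FAF94F6:0",     # zero-count entry, as produced by Add-Padding
])


def split_sha1(password: str) -> Tuple[str, str]:
    """Hash the password and split the 40-hex-char digest into the 5-char
    prefix that is sent to the API and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(response_text: str, suffix: str) -> int:
    """Return the breach count for `suffix` in a range response body, or 0 if
    the suffix is absent. Matching is case-insensitive because the API returns
    upper-case hex; zero-count padding lines naturally read as 'not found'."""
    wanted = suffix.upper()
    for line in response_text.splitlines():
        candidate, sep, count = line.partition(":")
        if sep and candidate.strip().upper() == wanted:
            return int(count.strip() or 0)
    return 0


def check_password(password: str, timeout: float = 10.0) -> int:
    """Network variant: fetch the range for the prefix and look up the suffix.
    Only the prefix ever leaves the machine; the full hash and password do not."""
    prefix, suffix = split_sha1(password)
    request = urllib.request.Request(
        PWNED_RANGE_API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "range-lookup-example"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        body = response.read().decode("utf-8")
    return count_in_range(body, suffix)


if __name__ == "__main__":
    print("password seen", check_password("password"), "times")
```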
  3. Using BASH RegEx by DrYak · · Score: 4, Informative

    local prefix="$(echo "$sha1" | sed 's/\(.....\)\(.*\)/\1/')"
    local suffix="$(echo "$sha1" | sed 's/\(.....\)\(.*\)/\2/')"

    For recent Bash versions that have built-in RegEx:

    [[ "${sha1}" =~ ^(.....)(.*)$ ]]
    local prefix="${BASH_REMATCH[1]}"
    local suffix="${BASH_REMATCH[2]}"

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]